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RELATED APPLICATIONS 

This application claims the benefit of the earlier filing date of provisional applicatic^n serial 
5 number 60/140,564, Jfiled June 23, 1999, entitled Public Key Encryption With Digital Signature Scheme, under 
35US.C § 119. 

BACKGROUND OF THE INVENTION 
Field of the Invention 

1 0 This invention relates to the field of public-key cryptography. More specifically, it is directed 

3 to a combined and improved public key encryption and digital signature scheme. 

I Background of the Invention 

0 Cryptography essentially provides confidentiality, authentication, integrity and non-rep udiation 

3 5 for communication between different parties over public communication channels. 

hi a public-key scheme, each user has a key pair consisting of a public key that is made pubUcly 

3 available, and a private key that is kept secret Tlie two keys are related by a hard one-way function, so as to 
make it infeasible to determine the private key from the public key. The public-key scheme allows a s iignature 
in the form of a digital signature to accompany a message. 

20 In the public-key environment, tiriere are preferably three major processes. First, there is the 

certification process. A certificate authority creates a certificate that binds a user identity to the public key. A 
certificate repositoiy provides a database of certificates where the pubUc can access and retrieve the pubUc key 
information of participants. In addition, there is a registration authority that acts as an assistant to the certificate 
authority. In essence, the registration authority is used to validate the binding. The second process is the 
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encryption scheme that essentially converts a plaintext message into a ciphertext message. The third pK)cess is 
a digital signature process. The present invention relates specifically to the latter process and how it may be 
combined with the encryption process. 

A digital signature is a cryptograpliic primitive that provides a means for a user or an entity to 
5 bind its identity to a piece of information. A digital signature of a message is a sequence of bytes dependent on 
some secret known only to the signer, and, additionally, on the content of the message being signed. Such 
signatures must be verijaable, if a dispute arises as to whether a party signed a document The process of signing 
entails transforming the message and a key unique to a particular user into a tag called a digital signatoe. A 
digital signature may be used to prove the identity of the sender and the integrity of data. To verify the digital 
1 0 signature, a recipient of a digitally signed message can use a verification rule associated with the digital signature 
O scheme. Any attempt to modify the contents of tlie message or forge a signature will be detected when the 
3 signature is verified. 

I U Each of the above stages requires a certain degree of undesirable computational processiing and 

£9 a certain degree of byte-size overhead associated in the transmission of a communication to make the overall 

^ f 5 public-key process secure. 

Therefore, there remains an on igoing desire to reduce the additional byte and prcM:essing 
5f overhead associated with the public-key system while at the same time, not reducing the effectiveness of the 
public-key system. 

20 SUMMARY OF THE INVENTION 

It is an object of the invention to reduce some of the drawbacks of the prior art public-key 

systems. 

It is an object of the invention to reduce computational processing associated with public-key 

schemes. 
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It is an object of the invention to reduce byte-size overhead associated with the transmission of 
the digital signature. 

It is a fiirther object of the present invention to provide a public key scheme with an improved 
encryption and digital signature scheme. The improved encryption and signature scheme can work in any finite 
cyclic group, such as a group of points on an elliptic curve over a fmite field. 

More specifically, in tiie present invention, there is provided an improved encryption and digital 
signature scheme that reuses an ephemeral key pair fi*om the encryption process in the signature process. 
Advantageously, the reuse of the ephemeral key allows the digital signature to be reduced in byte size. Mother 
advantage is that costly computation may be avoided. 

According to the invention, a public-key encryption process comprises the steps of encrypting 
a plaintext message into a ciphertext message, the encrypting step includes the step of producing an ephemeral 
key pair, and signing a digital signature using the ephemeral key pair. 

In another inventive aspect, a pubiic-key encryption system comprises means for encr^^pting a 
plaintext message into a ciphertext message, the encrypting means producing an ephemeral key pair, an<i means 
for signing a digital signature using the ephemeral key pair. 

A further aspect of the invention involves a software program on a computer-readable storage 
medium, which when executed by a processor performs a public-key encryption process comprising the steps of 
encrypting a plaintext message into a ciphertext message, the encrypting step includes the step of producing an 
ephemeral key pair, and signing a digital signature for the ciphertext message using the ephemeral key. 

hi a preferred embodiment described herein, the invention is based on the El Gamal encryption 
and Nyberg-Rueppel signature schemes. Other encryption and digital signature schemes are all well williin the 
scope of the invention. 

In the inventive process, system or software program, the ephemeral key pair may be produced 
by generating an encryption ephemeral private key x and calculating an encryption ephemeral public key X = xG, 
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where G is a generator. According to a fiirftier prefeiTed embodiment, the digital signature comprises a &st value 
r and a second value and the encryption ephemerjil public kcyX the ciphertext message and the second value 
s of the digital signature are transmitted from a sender to a receiver. At the receiver, the transmitted cipliertext 
message is decrypted, the first value r of the digital signature is calculated using the decrypted message and the 
5 transmitted encryption ephemeral public key Xand the digital signature is validated based on the calculated first 
value r and the transmitted second value s. 

With respect to the notation adopted herein and described below, the improved digital signature 
scheme uses the value of x, an encryption ephemeral key, for the value of z, a signature ephemeral key, mstead 
of generating a random value for 2, as in the prior art. Consequently, the transmitted digital signature of the 
1 0 present invention comprises a value s, A value of r, which according to conventional methods must be transmitted 
% 3 with the message, is instead reconstructed on the recipient end based on given vakies in the sender's transmission. 
%2 In this improved scheme the overall combined El Gamal encryption scheme and the Nyberg-Rueppel digital 
I J signature scheme is optimized for faster computation time and lower overhead bandwidth. In particular, the 
CO computation of Z - zG is avoided by the sender in the digital signature stage and the byte-size overhead 
S 1 5 associated with the digital signature transmission is reduced. 

M The present invention is preferab'ly configured to operate in conjunction with small <ievices 

1: 3 having limited processing and storage such as those disclosed in co-pending United States Patent Application 

No. 09/106,5 85 titled "Hand-Held Electronic Device With a Keyboard Optimized for Use With The Thumbs", 

the disclosure of which is hereby incorporated into this disclosure by reference. Other systems and devices in 
20 which the invention may be implemented include, but are not limited to, wireless communication systems, 

wireless hand-held communication devices, personal digital assistants (PDAs), cellular phones and two-way 

pagers. 

The present invention addresses specific dilemmas faced in electronic communication devices 
that are both bandwidth and computation load sensitive. 
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Further features of the invention will be described or will become apparent in the courss of the 
following detailed description. 



BRIEF DESCRIPTION OF THE DRAWINGS 

5 In order that the invention may be more clearly understood, the preferred embodiment Ihereof 

will now be described in detail by way of example, with reference to the accompanying drawings, in wliich: 
Fig. 1 is a ftuictional diagram of a prior art El Gamal public-key encryption scheme; 
Fig. 2 is a fimctional diagram of a prior art Nyberg-Rueppel digital signatures scheme; 
Fig. 3 is a functional diagram of a prior art public-key system combining the schemes illuistrated 

10 in Figs. 1 and 2; 

J Fig. 4 is a functional diagram of the present invention's public-key system with an improved 

3 digital signature scheme; and 

J Fig. 5 is a block diagram of a communication system in which the invention could be 

implemented. 

J5 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

Notation Explanation 

For clarity of the detailed description, the notation used herein is now defmed. hi the improved 
20 encryption and digital signature scheme to be described, any fmite cyclic group, such as the group of points on 
an elliptic curve over a finite field is suitable for its application. Li the preferred embodiment described herein, 
the present invention is based on combining the El Gamal encryption scheme and the Nyberg-Rueppel digital 
signature scheme. Other enciyption and digital signature schemes are all well within the scope of the invention. 

Upper case letters, such as A, G, K, Q, X, Z, denote group elements. An upper case G 
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throughout this description is a generator of the group and has order n. Lower case letters, such as a, b, h, r, s, 
X, z, denote integers modulo (mod) n. An upper case letter with an asterisk, such as. Z*, denotes the conversion 
of a corresponding group element, i,e. Z, to an integer. For elliptic curves, Z=(x,y) and Z* is usually derivsd from 
the X of Z The group operation is denoted by zmdaA = A + A + . , .-^ A, a times, hi addition, ciphertext = 
5 encrypt (K, message) denotes a symmetric key encr/ption ftmction that encrypts a plaintext message using a k^ 
derived from a group element K and returns the corresponding ciphertext. Likewise, message = deaypt (K, 
ciphertext) denotes a symmetric key decryption function that decrypts a ciphertext using a key derived from a 
group element K and returns the corresponding plaintext message. Finally, h = hash (message) denotes a 
cryptographically secure hash ftinction that hashes a message to an integer modulo n, 
1 0 The detailed description now follows with reference to Figs. 1-5 . In the fimctional diagrams of 

% 3 Figs. 1 -4, time is represented as increasing fi-om the top to the bottom of the diagrams, as indicated hy the "f ' 
y arrow atthe top of each diagram. 

L J Fig. 1 is a schematic of the prior jirt El Gamal public key encryption scheme 10. An 

^ 3 encrypted message exchange between a notional s^mder, Alice 20, and a notional recipient. Bob 30 is 
i 1 5 illustrated therein. In a certification stage 40, Bob randomly generates private key Z» and computes public key 

B = bG, as shown at 12. For the purposes of this description, it is assumed that Alice has Bob's autkintic 
! f pubhc key 5. A certification authority, if used, validates a public key by creating and issuing a certificate. 

Alice may receive Bob's certificate 14 directly from Bob, or from a publicly accessible public key repc^sitory. 
Alice verifies that the signature on the certificate i s correct, and that the certificate has not expired or been 
20 revoked. If those conditions are satisfied, then the public key 5 in the certificate 14 may be trusted. 

In the illustrated encryption process 10, the sender Alice performs the processing indicated in 
block 16. A random integer x, known as an encryption ephemeral private key is generated and an encryption 
ephemeral public key X = xG is calculated. X and x comprise an encryption ephemeral key pair. Alice then 
generates a secret encryption k^K^xB =xbG and encrypts her plaintext message 18 with secret key K 20. The 

6/8/00 7 



encryption ephemeral public key Zand ciphertext message 22 are then transmitted to Bob. Bob then calculates 
secret key K = bX= bxG ^xbG^xBmd decrypts the ciphertext 22 back into plaintext message 18, Tliis key 
agreement scheme is a protocol by which a pair of users, communicating over an insecure channi^l, may 
independently calculate the same secret key from publicly communicated values. 
5 Fig, 2 is a schematic of the prior art Nyberg-Rueppel digital signature scheme 60. In this 

scheme, Alice randomly generates private key a and computes public key ^ = aG (see block 24). Simihir to the 
scheme of Fig. 1, it is assumed that Bob has obtained Alice's authentic public key either directly from .Mice or 
through a certificate 26 from a certification authority or public key repository. As shown in Fig. 2, a hash value 
h 32 is created from the message using a hash function. An ephemeral signature key pair (Z, z) is produced by 
1 0 randomly generatmg ephemeral signature private key z 34 and calculating ephemeral public key Z 36, vAere Z 
3 = zG, The digital signature 38, comprising values r^Z'^^h mod nmds=z-ar mod n, are calcul^led and 
i transmitted with message 18 to Bob, 

■i This scheme requires the message 18 as input into the signature and verification algorithms 42, 

The verification portion of the scheme verifies a signature with Ahce's public key A, given the digital s ijgnature 

is 38 comprising integers r, s and the message 18. The recipient verifies the message by creating the hasb value 

t h 32 using the same hash function and processing it with Alice's public key. The verification output is compared 

f with the received signature r, s to determine its validity, as shown in block 42, 

Fig. 3 is illustrative of a traditional prior art public key encryption scheme using the Bl 
Gamal public key encryption scheme and the Nyberg Rueppel digital signature scheme. Li this scheme 80, 

20 there are three main stages to a public key encryption scheme. First, there is a preliminary certificatio]! 

scheme 40, during which Alice and Bob obtain each other's authentic public key ^ and B. Second, there is an 
encryption process 50. Third, there is a digital signature scheme 70. As the El Gamal and Nyberg-Rueppel 
schemes have been described separately above, a detailed description of the combined encryption/signature 
scheme in Fig. 3 will not be pursued. However, it is highlighted that the signature ephemeral private kisy z 34 
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is randomly generated by the sender, the signature ephemeral public key Z 36 is computed by the sender and 
the transmitted digital signature 38 comprises the integers r and s. The values of r and ^ representing tlie 
transmitted digital signature 38 are transmitted witli the encryption public key X and the ciphertext in the 
prior art. 

There are, however, some undesirable characteristics associated with this prior art ap]3roach. 
Firstly, computational resources and time are consumed where Z is calculated with large bit numbers. 
Secondly, the byte-size overhead associated with thie public-key transmitted information is undesirably large 
for bandwidth sensitive devices such as wireless communication devices. The present invention addresises 
these two undesirable qualities. 

Fig. 4 illustrates an overview of a preferred embodiment of the present invention. Like the 
prior art, there are three main stages to the preferred embodmient of the present invention, namely the 
certification 40% encryption 50* and digital signature W stage. 

hi the certification stage, Alice generates a long term random private key a and computes 
public key A where ^ = aG, Likewise, Bob randomly generates private key b and computes public key 5, 
where B = bG, As described above in relation to Figs. 1-3, Alice and Bob exchange authentic public keys A 
and B dhectly, through a certification authority or through a public key repository 

In the encryption stage 40', AUce generates an encryption ephemeral private key as random 
integer value x and computes a corresponding encryption ephemeral public key X, where Z = xG. As 
described above, the set {X, x) represents the ephemeral key pair produced m the encryption scheme. ^^Vith 
this information, Alice uses Bob' s public key B to compute secret key K 20, given by ^ = xB, Alice then 
encrypts the message producmg ciphertext - encrypt (K, message) 22, 

The present invention outlined in Fig. 4 deviates fi-om the prior art scheme of Fig. 3 in several, 
important aspects. The improved digital signature scheme of the present invention uses the encryption 
ephemeral key pair {X x) produced m the encryption stage 50' as a substittite for the signattire ephemeral key 
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pair (Z, z) required in the digital signature stage 70' . The value of signature ephemeral private key z 34^ is 
set to the value of encryption ephemeral private key x from the encryption stage. Consequently, the random 
generation of z and the computation of Z 36' are not required since signature ephemeral public key Z 36' 
equals encryption ephemeral public key X20. Advjintageously, this reduces the computational load on the 
5 sender, hi essence, the value for x is used for two different purposes, hi the first instance, x is used for the 
encryption process scheme 50'. hi the second instance, the x is also used in the digital signature scheme 70', 
After transmission of the encryption public key X20, ciphertext 22 and signature s 38', Bob 
may then calculate secret key i: = bXmd then decrypt the message by message = decrypt (K, ciphertext). 
The digital signature scheme then preferably hashes the message 40 to calculate ft, as indicated in block 42'. 
1 0 Two pieces of information for the digital signature still need to be computed, namely integers r and s. The 
\ 3 uitegers are calculated as follows: r = Z* + h mod n=X* + h mod nmds=z-'ar mod n^x-ar mod n. 
^ 3 However, only s in addition to the encryption ephaneral public key JT and the ciphertext must be transmitted 
to Bob in the mventive scheme 80'. Rather than r being transmitted to Bob, r is instead reconstructed at the 
^ 0 receive side by calculating r = Z* + ft mod n. hi tliis manner, the overall byte-size overhead associated with 
^15 the digital signature 38' is reduced by not transmitting r. hi a specific embodunent of the mvention, the 
^ I savmg was in the range of twenty-two bytes, hi portable two-way wireless communication devices, re<iucmg 
: i the transmission by twenty-two bytes is consideral)ly useful and advantageous. 

The inventive encryption and signature scheme outlined in Fig. 4 would preferably be 
implemented in software m a communication system. The block diagram in Fig. 5 represents one such system 
20 100 in which the mventive scheme could be used. Jn Fig. 5, 110, 112 and 114 are communication devices and 
116 is certification authority or public key repository, hi order for the devices to communicate using tlie 
inventive scheme, each device must first exchange authentic public keys with the other device or devices with 
which communication is desired. As shown in Figure 5 and described above, each device may communicate 
with a certification authority or public key repository 1 16 or with each other to accomphsh public key 
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exchange. Each communication device may incorporate software or hardware to perform the inventive 
encryption and signature scheme. Communication devices 110, 112 and 114 may be wired or wireless 
commimication devices. This invention has particular application in, but not limited to. Personal Digital Assistiints, 
mobile communication devices, cellular phones, two-way pagers and wireless two-way e-mail communication devices. 
5 One such illustrative device that may implement the present iavention is disclosed in co-pending United States Patent 
Application No. 09/106,585, referenced above, hi m alternative embodiment of the present uivention, a 
system disclosed m Figure 2 of PCT/CA99/00494 titled "System and Method for Pushing hrformation From 
a Host System to Mobile Data Communication Device", the specification of which is hereby mcorporated by 
reference into the present disclosure, may implement the present invention, hi all such systems, a typical 
1 0 system for which the present mvention is particularly useful is a low bandwidth system such as one that 
' i utihzes an RF link m the communication path. The system and method of pushing information from a host 
; i system to a mobile described in the latter application is only one preferred system and method for the i^resent 
I- 1 invention herein; however, it is to be understood other types of systems and methods could be implemented 
J ^ that utihzes the present invention. 

; 15 It will be appreciated that the above description relates to a preferred embodiment b}^ way of 

1 1 example only. Many variations on the invention will be obvious to those knowledgeable m the field, and such 
r i obvious variations are within the scope of the invention as described and claimed, whether or not expressly 

described. For instance, the aforementioned process could obviously be extended to mclude multiple recipients 

from a single sender. 
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I claim: 



L A public-key encryption process comprising the steps of: 

a) encrypting a plaintext message into a ciphertext message, the encrypting step includes the step of 
producing an ephemeral key pair; and 

b) signing a digital signature using the ephemeral key pair. 

2. A public-key encryption process according to claim 1, wherein the encrypting step uses an E] Gamal 
encryption scheme, 

3. A pubUc-key encryption process according to claim 1, wherein the step of signing a digital signature 
comprises generating the digital signature using a Nyberg-Rueppel digital signature scheme. 

4. A public-key encryption process according to claim 1 , wherein the step of producing the ephemeral key 
pair comprises the steps of generating tin encryption ephemeral private key x and calculating an 
encryption ephemeral public key X ^ xG, where G is a generator. 

5. A public-key encryption process according to claim 1, for encrypting messages for communication 
between a sender and a receiver, the process fiirther comprising the steps of, 

at the sender, 

a) generating a sender private key a; and 

b) calculating a sender public key A = aG, where G is a generator, 
and at the receiver, 

a) generating a receiver private key b; and 
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b) calculating a receiver public key B = bG, 

wherein the sender obtains an authentic copy of the receiver public key B and the receiver obtains an 
authentic copy of the sender public key ^. 

6. A public-key encryption process according to claim 5, wherein the step of producing the ephemeral key 
pair comprises the steps of generating an encryption ephemeral private key x and calculating an 
encryption ephemeral public keyX xG. 

7. A public-key encryption process according to claim 6, further comprising the steps of, at the sender, 
generating a secret key K=-xBmd encrypting a plaintext message using the secret key Kto generate a 
ciphertext message. 

8. A public-key encryption process according to claim 7, &rther comprising the steps of, at the sender, 
using the encryption private key x as a signature ephemeral private key and using the encryption 
ephemeral pubHc key X as a signature ephemeral public key to generate a digital signature. 

9. A pubUc-key encryption process according to claim 8, wherein the digital signature comprises a first 
value r and a second value s, the process further comprising the step of, at the sender, transmiitting the 
encryption ephemeral pubUc key the ciphertext message and the second value s of the digital signature 
to the receiver. 

10. A public-key encryption process according to claim 9, fiuther comprising the steps of, at the receiver, 
generating the secret key K - bX, decrypting the transmitted ciphertext message using the generated 
secret key K, calculating the first value r of the digital signature using the decrypted message and the 
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transmitted encryption ephemeral public key X and validating the digital signature based on the 
calculated first value r and the transmitted second value s. 

1 L A pubUc-key encryption process according to claim 1, implemented in a wireless communication system. 

12. A public-key encryption process according to claim 1, miplemented in a wireless hand-held 
communication device, 

13. A public-key encryption process according to claim 1, implemented in a personal digital assistant. 

14. A public-key encryption process according to claim 1, implemented in a cellular phone. 

15 . A public-key encryption process according to claim 1, implemented in a two-way pager, 

16. A public-key encryption system comprising: 

a) means for encrypting a plaintext message into a ciphertext message, the means for enc^iypting 
producing an ephemeral key pair; and 

b) means for signing a digital signature using the ephemeral key pair. 

17. A public-key encryption system according to claim 16, wherein the means for encrypting employs an El 
Gamal encryption scheme. 



18. A pubhc-key encryption system according to claim 16, wherein the means for signing a digital sjignature 
generates the digital signature using a Nytterg-Rueppel digital signature scheme. 
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19. A public-key encryption system according to claim 1 6, wherein the means for encrypting produces the 
ephemeral key pair by generating an enciyf>tion ephemeral private key x and calculating an encryption 
ephemeral public key X = xG, where G is a generator. 

20. A public-key encryption system according to claim 16, for encrypting messages for communication 
between a sender and a receiver, the system further comprising, 

at the sender, 

a) means for generating a sender private key a; and 

b) means for calculating a sender public key A - aG, where G is a generator, 
and at the receiver, 

a) means for generating a receiver private key and 

b) means for calculating a receiver public key B = bG, 

wherein the sender obtains an authentic copy of the receiver public key B and the receiver obtiains an 
authentic copy of the sender pubhc key ^. 

2L A public-key encryption system according to claim 20, wherein the means for encrypting produces the 
ephemeral key pair by generating an encryption ephemeral private key x and calculating an encryption 
ephemeral public key X = xG, 

22, A public-key encryption system according to claim 21, wherein the means for encrypting generates a 
secret key K = xBmd uses the secret key K to encrypt a plaintext message and thereby generate a 
ciphertext message. 
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23 . A pubUc-key encryption system according to claim 22, wherein the means for signing uses the encryption 
private key x as a signature ephema-al private key and uses the encryption ephemeral public key X as a 
signature ephemeral public key to generate a digital signature. 

24. A public-key encryption system according to claim 23 , wherein the digital signature comprises a first 
value r and a second value s, the system fiirther comprising, at the sender, means for transmitting the 
encryption ephemeral public key the ciphertext message and only the second value s of the digital 
signature to the receiver. 

25. A public-key encryption system according to claim 24, further comprising, at the receiver, means for 
decrypting a ciphertext message and means for vaUdating a digital signature, wherein the means for 
decrypting generates the secret key K = bXmd decrypts the transmitted ciphertext message using the 
generated secret key K, and the means for validating calculates the first value r of the digital signature 
using the decrypted message and the transmitted encryption ephemeral public key X and vaUdates the 
digital signature based on the calculated first value r and the transmitted second value s. 

26. A public-key encryption system according to claim 16, implemented in a wireless communication system. 

27. A public-key encryption system according to claim 16, implemented in a wireless hjind-held 
commiuiication device. 

28. A public-key encryption system according to claim 1 6, implemented in a personal digital assistant. 

29. A public-key encryption system according to claim 16, implemented in a cellular phone. 
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A public-key encryption system according to claim 16, implemented in a two-way pager. 



3 L A software program on a computer-readable storage medium, which when executed by a processor 
5 performs a public-key encryption process comprising the steps of: 

a) encrypting a plaintext message into a ciphertext message, the encrypting step includes the step of 
producing an ephemeral key pair; and 

b) signing a digital signature for the ciphertext message using the ephemeral key. 

10 32. A software program according to claim 3 ] , wherein the encrypting step uses an El Gamal encryption 
i I scheme. 

^ I 33 . A software program according to claim 3 L, wherein the step of signing a digital signature comprises 
: J generatmg the digital signature using a Nyberg-Rueppel digital signature scheme. 

34. A software program according to claim 3 1, wherein the step of producing the ephemeral key pair 
i J comprises the steps of generating an encryption ephemeral private key x and calculating an encryption 

ephemeral public key X ^ xG, where G is a generator. 



20 35. A software program according to claim 3 1, for encrypting messages for communication between a sender 
and a receiver, the software program performing the further steps of, 
at the sender, 

a) generating a sender private key a; and 

b) calculating a sender public key A - a G, where G is a generator, 
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and at the receiver, 

a) generating a receiver private key b\ and 

b) calculating a receiver public key B = bG, 

wherein the sender obtains an authentic copy of the receiver pubUc key B and the receiver obtains an 
authentic copy of the sender public key ^. 

36. A software program according to claim 35, wherein the step of producing the ephemeral key pair 
comprises the steps of generating an encryption ephemeral private key x and calculating an enc ryption 
ephemeral public key JT = xG, 

37. A software program according to claim 36, \^4lerein the software program performs the further steps of, 
at the sender, generating a secret key K = xB and encrypting a plaintext message using the secret t key K 
to generate a ciphertext message. 

38. A software program according to claim 37, wherein the software program performs the further steps of, 
at the sender, using the encryption private key x as a signature ephemeral private key and using the 
encryption ephemeral public key X as a signature ephemeral public key to generate a digital signature. 

39. A software program according to claim 3 8, wherein the digital signature comprises a first value r and 
a second value s, the software program performing the further step of, at the sender, transmiiling the 
encryption ephemeral pubUc key ^ the ciphertext message and the second value s of the digital signature 
to the receiver. 

40. A software program according to claim 39, the software program performing the steps of, at the receiver, 
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generating the secret key K = bX, decrypting the transmitted ciphertext message using the generated 
secret key K, calculating the first value r of the digital signature using the decrypted message ijnd the 
transmitted encryption ephemeral public key X and validating the digital signature based on the 
calculated first value r and the transmitted second value s. 

5 

41 . A software program according to claim 3 1, installed in a wireless communication system. 

42. A software program according to claim 3 1, installed in a wireless hand-held communication device. 
10 43. A software program according to claim 31, installed in a personal digital assistant. 

3 44. A software program according to claim 3 1 , installed in a cellular phone. 

i;3 45. A software program according to claim 31, installed in a two-way pager. 
v|5 
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AltSTRACT 

An improved encryption and digital signature system and method in accordance \sath the 
invention reuses an encryption ephemeral key pair fiom an encryption process in a digital signature process. The 
reuse of the encryption ephemeral key pair in the digital signature process advantageously results in reduced byte 
size of the digital signature and reduction of costly computation overhead. In a preferred embodim<snt, the 
invention is based on the El Gamal encryption scheme and the Nyberg-Rueppel signature scheme. The present 
invention is particularly useful for operation in conjunction with small communication devices having limited 
processing and storage, wherein such devices may communicate via bandwidth sensitive RF links. 
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